Intelligent CISO Issue 74 | Page 59


FTI Consulting study reveals trust gaps between CISOs and C-Suites

One-in-three senior executives believe cybersecurity leaders are failing to accurately communicate cybersecurity risk.

FTI Consulting has released a study from its Strategic Communications segment that shows the communications challenges persisting at the top levels of organisations in relation to cybersecurity.
Many senior leaders believe their cybersecurity chiefs are failing to accurately articulate levels of risk, indicating a lack of trust between executives and security teams that could ultimately leave organisations vulnerable to attack.
In the study, CISO Redefined: Navigating C-Suite Perceptions & Expectations, 93% of UK and Irish leaders surveyed see cybersecurity as a top priority for their organisation – with over 80% of organisations seeing increased demands to demonstrate cyber-readiness and preparedness.
In light of this, the vast majority (81%) of UK organisations are increasing the decision-making powers of their CISO.
However, there is evidence of a disconnect between senior leaders and security teams around cybersecurity risk, with the perception among one in three executives that the CISO is making things sound better than they are.
“As organisations navigate a regulatory and business environment that is pushing for greater board and leadership oversight of cybersecurity, robust engagement between senior leaders and CISOs will be essential to satisfy stakeholders that cybersecurity risk is being addressed at the top level of the organisation,” said Kate Brader, Head of Crisis in the Strategic Communications segment at FTI Consulting.
“Regular cybersecurity briefings, clear roles and procedures around incident response, together with robust testing of response plans can all help to build trust and confidence across the C-suite and cybersecurity teams.”
The study’s findings highlight the challenges organisations face, as various frameworks seek to standardise management of cybersecurity risk.
The UK’s draft cybersecurity governance code signals the top-down approach to cybersecurity that the government wants to see, while the US National Institute of Standards and Technology’s (NIST) Cybersecurity Framework was recently updated to include a governance function – which stipulates how cybersecurity should be integrated into an organisation’s broader risk management strategy.
Organisational alignment on cybersecurity risk is identified as an imperative requiring strong engagement between the CISO and senior leadership teams.
Orla Cox, Head of Cybersecurity Communications for EMEA in the Strategic Communications segment at FTI Consulting, said: “This wider remit means that an effective CISO must build trust across business leaders, senior leaders and the board, and prioritise refining their communication skills as much as their technical skills.”
Additional key findings from the survey include:
• The vast majority of leaders believe that their CISOs require communications training, with more than half (53%) flagging this as an immediate priority.
• Pressure on CISOs to demonstrate a return on investment is likely to increase, with more than 86% of organisations having increased their cybersecurity budget in the past 12 months.
• In contrast to the rest of the world, UK leaders were revealed as feeling the greatest pressure on cybersecurity from regulators, followed by customers and then investors.